AVALOSYS OY'S PRIVACY POLICY

In this privacy policy, we explain how we process personal data. Personal data refers to information that can identify a person, such as an email address, home address, and phone number. The purpose of the privacy policy is to help you understand what personal data we collect, why personal data is collected, and how we process, protect, store, and delete data. Additionally, you will find information about your rights, instructions on exercising your rights, and contact details for further information.


AVALO’S ROLE IN PROCESSING PERSONAL DATA


Avalosys Oy (hereinafter referred to as Avalo) offers its clients secure cash management automation software and services and acts as a data processor or a sub-processor when handling clients' personal data. General information about Visma's role as a data processor can be found at https://www.visma.com/privacy-statement/finland

Avalo acts as a controller when we determine the purposes and means of processing personal data. In addition to providing implementation, maintenance, and support services according to our service agreements, these purposes include supplier relationship management, customer relationship management, customer service provision, service development, marketing, recruitment, and security-related processing activities.


When offering secure cash management automation services, Avalo processes personal data on behalf of client companies acting as controllers. In such cases, Avalo processes personal data on behalf of the client, according to their instructions.


Avalo is responsible for the security of services and the continuity of service production in collaboration with clients and subcontractors. We ensure the confidentiality of the processing of personal and other sensitive data through various measures and require our subcontractors to comply with the EU’s General Data Protection Regulation (GDPR).


Personal data is processed by Avalo for several reasons. The customer and Avalosys are responsible for their respective legal and contractual obligations, either as a controller or a data processor.


This privacy policy describes how Avalo collects, uses, stores, and protects personal data. By 'customer', we refer to Avalo’s clients and potential clients, the client’s employees, or other relevant parties.


This privacy policy includes the following sections:


  1. Purpose of collecting personal data by Avalo
  2. Legal grounds for collecting personal data by Avalo
  3. Personal data collected by Avalo
  4. Sources of personal data collected by Avalo
  5. Recipients with whom Avalo can share personal data
  6. How Avalo protects personal data
  7. Privacy rights of registered data subjects
  8. Duration of personal data retention by Avalo
  9. Amendments to the privacy policy by Avalo
  10. Contacting Avalo or the data protection authority


If you have questions about the details described, we're happy to provide further clarification.


  1. PURPOSE OF COLLECTING PERSONAL DATA BY AVALO


We collect and process personal data to fulfill our statutory obligations, provide the implementation, maintenance, and support services according to our service agreements, and manage customer relationships. We also collect and process personal data for appropriate commercial purposes, such as selling Avalo's products and services and making offers.

We do not use collected personal data for automated decision-making or profiling.


  2. LEGAL GROUNDS FOR COLLECTING PERSONAL DATA BY AVALO


At Avalo, the processing of personal data is based on:


  1. An agreement with the customer, where processing is necessary for the execution of the agreement


The primary purpose of processing personal data is to collect and process personal data before making offers and agreements and to document, manage, and execute tasks according to the agreement.


Examples of tasks related to executing the agreement include opening services, customer service, and billing for software deliveries and services according to the agreement.


   2. Compliance with laws, regulations, or requirements of authorities


In addition to executing the agreement, processing personal data may be necessary to comply with our statutory obligations. Obligations requiring personal data processing are included in accounting legislation.


   3. Avalo's legitimate interest in providing information as part of the service and marketing and selling other services


We also process personal data in connection with marketing activities. We may contact you to inform you about new features of our products, or market and sell Avalo's products or services. We may also process personal data for marketing research and customer surveys.


  4. Consent for other possible purposes


In certain situations, we may process personal data based on the individual's consent. These situations include exploring technical or commercial collaboration opportunities with third parties.


   3. PERSONAL DATA COLLECTED BY AVALO


The collected and processed personal data can be categorized as follows:

A. Personal data processed for Avalo's own business needs, controlled by Avalo

B. Personal data processed on behalf of our customers as a data processor


Personal data under category A includes:


  1. Customer contact information
  • First and last name, phone number, email address, position/title within the company, identification details for the ticketing system

  2. Customer company contact details

  • Company name and addresses, phone number, VAT identification number

  3. Commercial information related to products or services used by the customer

  • Offer, order, and contract details, as well as billing and collection details

  4. Possible customer or interaction history information

  • Contacts by email and phone related to, for example, notifying the customer of service changes and planned actions like customer meetings, or other product and service-related communication like feedback and development ideas


Personal data under category B includes:


  1. Personal data disclosed and materials containing personal data provided by the customer for delivering and initiating the service according to the contract and managing daily operational tasks
  • Support service materials sent by the customer
  • First and last name, email address, and identification details required for using the service for company users

   2. Personal data processed in AvaloCloud services

  • Personal data required by payment service legislation and payment and account reporting service providers to execute contractual cash management services


   4. SOURCES FROM WHICH AVALO COLLECTS PERSONAL DATA


Personal data is mainly collected from the customer themselves or the customer's representative during meetings and in other situations where the customer discloses their information. Personal data is also obtained through the use of Avalo's services via email and phone. We use cookies and other tracking technologies to provide the best possible experience when you use Avalo's services and interact with us. We may also collect personal data from publicly available external sources, such as registers maintained by authorities, for example, registers of the Patent and Registration Office and the Tax Administration. In addition to the above, personal data is collected through the use of banking services enabled by Avalo's software.


   5. RECIPIENTS TO WHOM AVALO MAY DISCLOSE PERSONAL DATA


Avalo does not regularly disclose, use, or utilize information for purposes other than those related to the service agreement. Customer data is not shown or disclosed to third parties, nor are third parties given unauthorized access to it through a technical interface or other means.

We may disclose personal data to authorities as required by law and, with the customer's consent, to our business partners.

Avalo may disclose personal data to


  1. Authorities to the extent permitted or required by law
  • For example, to fulfill an information request from a competent authority or related to legal proceedings.

  2. Our business partners

  • For example, to execute accounting and auditing according to accounting regulations

  3. Possible other third parties when we deem disclosure necessary to exercise our rights, protect the safety of the customer or others, and investigate fraud.

  4. Within the Visma group when necessary for service execution.


We have agreements with selected service providers that include processing personal data on behalf of Avalo. Such agreements are made, for example, with suppliers providing ticketing systems and server resources for producing support services. We ensure that all our service providers comply with data protection legislation.


   6. HOW AVALO PROTECTS PERSONAL DATA


Avalo follows good data processing practices and data protection regulations required by the European General Data Protection Regulation when processing customer personal data.


We have appropriate technical, physical, and organizational security procedures to protect all the information we hold from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We use technical, physical, and organizational security procedures to ensure data privacy in all our activities.


   7. PRIVACY RIGHTS OF REGISTERED DATA SUBJECTS


Individuals registered in Avalo's database have the following rights regarding the personal data held by Avalo.


  1. Right to be informed about processing


Individuals have the right to know how their personal data is processed. This information is available in this privacy policy. Questions regarding the processing of personal data can also be posed to Avalo.


  2. Right of access to information


Individuals in our registry have the right to check what personal data has been stored in the registry about them.

The right can, however, be limited by law to protect the privacy of others and business practices. Avalo's business secrets may limit access to information.


  3. Right to rectification


If information is incorrect or incomplete, individuals have the right to request correction of the error or completion of incomplete information.


  4. Right to erasure


Individuals have the right to erasure of information when they revoke consent for processing, and there is no justified reason for processing. Data can also be deleted when a person objects to processing for direct marketing purposes.

Avalo may have a legal obligation to retain personal data in certain situations, even after the end of the customer relationship if data processing is necessary to comply with statutory obligations.


  5. Right to restrict processing


Individuals have the right to request Avalo to restrict processing of personal data to storage only.


  6. Right to withdraw consent


When processing of personal data is based on the individual’s consent, they have the right to withdraw consent at any time.


  7. Right to lodge a complaint with the data protection authority


If an individual feels that their personal data has been processed illegally, they can file a complaint with the data protection authority. Contact details are provided below. However, we encourage you first to contact Avalo directly, so we can address your concerns.


If an individual wishes to exercise the above rights, requests will be evaluated on a case-by-case basis. The request should be submitted in writing, signed, to Avalo’s contact person. We may ask the requesting party to prove their identity if necessary. We will respond to customers within the time frame specified by the EU Data Protection Regulation (generally within a month).


   8. DURATION OF PERSONAL DATA RETENTION BY AVALO


We retain personal data for as long as it is needed for the purpose for which it was collected and processed, or as long as laws and regulations require.


If we retain personal data for purposes other than executing the contract, such as accounting, we retain data only if it is necessary for that purpose and/or legally required.


   9. AMENDMENTS TO THE PRIVACY POLICY BY AVALO


The privacy policy may be subject to changes from time to time. This privacy policy was last updated on 15.05.2025.


   10. CONTACTING AVALO OR THE DATA PROTECTION AUTHORITY


If you have questions about the privacy policy, you can contact us by email at info@avalosys.com or call our support service.

If you feel that the processing of personal data is not appropriate, you have the right to contact the Data Protection Ombudsman. Contact details can be found here: https://tietosuoja.fi/en/contact-information